IBM Security Resilient

Working with multiple resilient-circuits on the same linux box

By Ali Okan Yuksel posted Tue May 26, 2020 04:47 PM


Hi everyone,

Resilient Circuits framework helps you write the Python code that performs the integration logic for functions or custom actions by generating a Python package with a boilerplate implementation for Resilient SOAR Platform.

In this post I will share the details about running multiple Resilient Circuit apps on the same system. As you know resilient-circuits and additional modules should work on a python environment. And if you want to run multiple circuits on the same machine you need to create independent python environments on the same box, there are multiple ways to do that. I will share some details for two different techniques in this post.


Python applications will often use packages and modules that don’t come as part of the standard library. Applications will sometimes need a specific version of a library, because the application may require that a particular bug has been fixed or the application may be written using an obsolete version of the library’s interface.

virtualenv is a tool to create isolated Python environments.

Virtualenv Installation on Ubuntu

aokanx@ubuntu:~$ lsb_release -a
No LSB modules are available.
Distributor ID:    Ubuntu
Description:    Ubuntu 18.04.2 LTS
Release:    18.04
Codename:    bionic
aokanx@ubuntu:~$ python3 -V
Python 3.6.8
aokanx@ubuntu:~$ sudo apt install -y python3-pip
aokanx@ubuntu:~$ sudo apt install build-essential libssl-dev libffi-dev python3-dev
aokanx@ubuntu:~$ sudo apt install python3-venv -y


Create and Activate a new venv:

aokanx@ubuntu:~$ python3 -m venv my_test_env1
aokanx@ubuntu:~$ source circuit1/bin/activate

Install resilient-circuits:

aokanx@ubuntu:~$ pip3 install setuptools_scm wheel
aokanx@ubuntu:~$ pip3 install resilient-circuits


If you want to deactive current virtual python environment you can use deactive command like this:

(my_test_env1) aokanx@ubuntu:~$ deactivate


I created a user for each circuit session and I installed required packages with the same method.

aokanx@ubuntu:~$ sudo useradd -m circuit1
aokanx@ubuntu:~$ sudo usermod -s /bin/bash circuit1
aokanx@ubuntu:~$ sudo su - circuit1
circuit1@ubuntu:~$ python3 -m venv circuit1
circuit1@ubuntu:~$ source circuit1/bin/activate
(circuit1) circuit1@ubuntu:~$ pip3 install setuptools_scm wheel
(circuit1) circuit1@ubuntu:~$ pip3 install resilient-circuits
(circuit1) circuit1@ubuntu:~$ pip3 freeze

You you need some additional configurations also.
First you need to use different stomp_port numbers foreach circuit which is defined in app.config file. And you need to modify app.config and lock file locations in ~/dev/dev/lib/python2.7/site-packages/resilient_circuits/ file.

Alternately, instead of modifying original to configure the lock file as described, you can perform the following in your file which exists in your ciruit's home directory:
For more information about this method you can check Resilient documentation also.


In this method you need to install an embedded python setup for each circuit environment.

Conda is an open source package management system and environment management system that runs on Windows, macOS, and Linux. Conda quickly installs, runs and updates packages and their dependencies. Conda easily creates, saves, loads, and switches between environments on your local computer. It was created for Python programs but it can package and distribute software for any language.

Miniconda is a free minimal installer for conda. It is a small, bootstrap version of Anaconda that includes only conda, Python, the packages they depend on, and a small number of other useful packages, including pip, zlib and a few others



For installation you just need to run the script in the user's home directory and follow instructions.
Each independent user has its own python (miniconda) environment. And you can install independent resilient-circuits by switching different users.

You you need an additional configuration again. You should use different stomp_port numbers foreach circuit which is defined in app.config file.  Otherwise you can get some error messages because of usage of the same stomp_port number for different circuits.




Wed July 22, 2020 09:14 AM

Docker is better, yes, especially for MSSP production environments, but for some tests, POC, Non Prod... this is good enough! No?

Sun July 19, 2020 12:31 PM

This is not a professional approach. You may use docker. And you may find a way for running resilient-circuits service for all of them.